Electronic Signatures and Infrastructures (ESI); Policy and security requirements for applications for signature creation and signature validation
ETSI TS 119 101 provides general security and policy requirements for applications for signature creation, validation and augmentation.

The present document is primarily relevant to the following actors:

- Implementers and providers of applications for signature creation, signature validation and/or signature augmentation, who need to ensure that relevant requirements are covered.
- Actors that integrate applications for signature creation, signature validation and/or signature augmentation components with business process software (or use standalone software), who want to ensure proper functioning of the overall signature creation/validation/augmentation process and that the signature creation/validation is done in a sufficiently secure environment.

The present document is applicable to these actors, and their evaluators (for a self-evaluation or an evaluation by a third party) to have a list of criteria against which to check the implementation.

The requirements cover applications for signature creation, signature validation and/or signature augmentation, i.e. the implementation and provision of the Signature Creation/Validation/Augmentation Application modules (SCA/SVA/SAA), the driving application (DA), the communication between the SCA and the signature creation device (SCDev) and the environment in which the SCA/SVA/SAA is used. It also specifies user interface requirements, while the user interface can be part of the SCA/SVA/SAA or of the DA which calls the SCA/SVA/SAA. Any entity using SCA/SVA/SAA components in its business process acts as driving application.

The document covers:

- Legal driven policy requirements.
- Information security (management system) requirements.
- Signature creation, signature validation and signature augmentation processes requirements.
- Development and coding policy requirements.
- General requirements.

Protection Profiles (PP) for signature creation applications and signature validation applications are out of scope and are defined in the CEN standard "Protection Profiles for Signature Creation & Validation Applications" [i.9].
General requirements for trust service providers are provided in ETSI EN 319 401 [i.24]. Requirements for trust service
providers providing signature creation or validation services are out of scope. Requirements on trust service providers
providing signature creation services are to be defined in ETSI TS 119 431 [i.22], with CEN EN 419 241 [i.21] defining
requirements for a remote signature creation device. Requirements on trust service providers providing signature
validation services are to be defined in ETSI TS 119 441 [i.23].